This IT Security awareness document is meant for all Mannai employees accessing data and
services on Mannai Network, either remotely or on premise.
This document provides IT Security guidelines that should be adhered to by all Mannai employees.
Importance of Security
The internet allows an attacker to attack from anywhere on the planet.
Risks caused by poor security knowledge and practice:
Identity Theft
Monetary Theft
Legal Ramifications (for yourself and companies)
According to www.SANS.org, the top vulnerabilities available for a cyber criminal are:
Web Browser
IM Clients
Web Applications
Leading Threats
Virus
Worm
Social Engineering
Botnets / Zombies
Virus
A virus attaches itself to a program, file, or disk.
[Figure: Program A, Extra Code, Program B]
Worm
Independent program which replicates itself and
sends copies from computer to computer across
network connections. Upon arrival the worm may
be activated to replicate.
Social Engineering
Social engineering manipulates people into performing actions or divulging confidential
information. Similar to a confidence trick or simple fraud, the term applies to the use of deception
to gain information, commit fraud, or access computer systems.
Phone Call: "This is Bob, the System Admin. What is your password?"
Email: "ABC Bank has noticed a problem with your account"
In Person: "What ethnicity are you? Your mother's maiden name?"
"I have come to repair your machine and have some software patches.."
Botnet
A botnet is a large number of compromised computers that are used to create and send spam or
viruses, or to flood a network with messages as a denial-of-service attack. The compromised
computers are called zombies.
Malware Detection
Spyware symptoms:
Changes to your browser homepage/start page
Ending up on a strange site when conducting a search
Mysterious new toolbars that you cannot change
Lots of network activity while not particularly active
Excessive pop-up windows
New icons, programs, favorites which you did not add
Frequent firewall alerts about unknown programs trying to access the Internet
Bad/slow system performance
Puzzling search results
Sensitive Data
Users must protect all sensitive data and files (Defined as data, documents, or files)
Data may only be stored on devices owned and approved by Mannai
Data must be password protected in transit (for example, via e-mail or on any portable device)
Physical Security
Lock your workstation when you leave your desk or leave your
laptop/desktop device unattended
Press the Windows Key and L (at the same time)
Or Press Ctrl-Alt-Del and Lock Computer
Passwords
Your Password
Your password is also a key. Individuals will try to steal your
passwords if they are in plain sight or easy to determine.
Do not write down your passwords on sticky notes or paper in
plain sight.
Change your passwords frequently and make them hard to
guess.
Use Complex passwords: Password must contain Uppercase
letters, lower case letters, numbers and symbols (!,@,#,$)
Pattern                       Calculation  Result    Time to Guess (2.6x10^18/month)
                                           20        Manual 5 minutes
Social Engineering                                   Manual 2 minutes
American Dictionary                        80,000    < 1 second
4 chars: lower case alpha     26^4         5x10^5
                              26^8         2x10^11
8 chars: alpha                52^8         5x10^13
8 chars: alphanumeric         62^8         2x10^14   3.4 min.
                              72^8         7x10^14   12 min.
                              95^8         7x10^15   2 hours
12 chars: alphanumeric        62^12        3x10^21   96 years
12 chars: alphanumeric + 10   72^12        2x10^22   500 years
                              95^12        5x10^23
16 chars: alphanumeric        62^16        5x10^28
Threats
Current Threats
The following slides include a few examples of the kinds of threats you may
encounter with suggestions on how you can protect yourself, your data, your
organization and Mannai systems from malicious users/intent.
You Control What You Choose to Click
Most end-user threats are designed specifically to get you to click on a
harmful link, attachment, picture, video or icon in an email or a web page, including
social media applications and news portals.
What you can do: STOP and THINK BEFORE you CLICK
Your job is to be aware, be alert and diligent. Always look for the signs that external
entities are trying to gain access to your PC, your network and your personal
information. Legal and genuine websites will never ask for your personal information
related to passwords, credit cards, bank account numbers etc.
Email Threats
Phishing, Spoofs, Goofs, Hoaxes, Malware, Scams and Spam
The most prevalent and persistent threats to your security come to you in your Inbox. They
come by different names and may even appear legitimate and even supposedly from
people you may know.
They all have one thing in common: They are designed to get you to click on an item like
an attachment, link or picture.
Result: If you click, you may launch a harmful program or be directed to a harmful web
site. You may then find your personal information compromised and you may subject your
network to malicious software.
Stop: Do not reply. Do not assume the contents in your email are
always safe and genuine.
Think: If you cannot identify the source and attachments as legitimate
or be sure the sender address is safe by looking at the header, you
can logically conclude that you should beware.
Reply: Only after you are completely confident that the action is safe.
One of the easiest ways to identify whether an email is legitimate is to look at the From
field. By doing so, you will be able to tell if the email is from a recognizable sender that is linked
to the actual sender name.
These emails do not originate from Mannai and do not have any contact with the
Mannai Mail system; their addresses are just edited to make them appear that
way.
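The From-field check described above, as an added example that is not part of the original document. It goes one step further and also compares the Reply-To and Return-Path headers, which still differ when the From address itself has been edited. The domain example.com is an assumed placeholder for the organisation's mail domain, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: example.com stands in for the organisation's real mail domain.
TRUSTED_DOMAIN = "example.com"

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def from_field_warnings(raw_message, trusted_domain=TRUSTED_DOMAIN):
    """Return the reasons a message's From field deserves a second look."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    org_name = trusted_domain.split(".")[0]
    warnings = []
    # The name shown to the reader claims the organisation, the address does not.
    if org_name in display.lower() and from_domain != trusted_domain:
        warnings.append("display name claims %s but address is @%s"
                        % (org_name, from_domain))
    # Replies would go to a different domain than the one shown in From.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        warnings.append("Reply-To points to @%s" % reply_domain)
    # The envelope sender recorded at delivery differs from the From domain.
    # Bulk-mail services cause this legitimately, so treat it as a prompt to check.
    return_domain = domain_of(msg.get("Return-Path"))
    if return_domain and return_domain != from_domain:
        warnings.append("Return-Path is @%s" % return_domain)
    return warnings

# Constructed sample messages (not real mail).
SPOOFED = """\
Return-Path: <bounce@mailer.test>
From: "Example IT Helpdesk" <it-support@examp1e-mail.test>
Reply-To: helpdesk@collect.test
To: user@example.com
Subject: Password expires today

Click the link to keep your account.
"""
GENUINE = SPOOFED.replace("bounce@mailer.test", "it-support@example.com") \
    .replace("examp1e-mail.test", "example.com") \
    .replace("Reply-To: helpdesk@collect.test\n", "")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, from_field_warnings(raw))
```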
[Figure: symbol showing enhanced security]
Internet Threats
Unsecure Browsing Can Be Hazardous To Your PC
The Internet is a significant resource for business services. However, some of the same issues
as with email and web browsing can create security issues that you need to be aware of.
Common Threats: On the web, threats come from malicious links. Most of the threats
originate when you click on a link that launches a malicious program or re-directs you to a
dangerous site.
Result: If you click, you may launch harmful programs or be directed to a harmful web site.
You may then find your personal, client, or sensitive business information compromised and
you may subject your PC and network to malicious software.
Stop: Do not automatically click on Internet links until you have confidence in them. This
includes pictures, videos, and navigational elements.
Think: Look at the actual address for the links in question. For instance, if the link indicates
"Click Here", be sure to hover your mouse pointer over the link and investigate the actual
web address before you proceed.
Click: Only after you are completely confident that the web site is safe.
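The hover check from the Think step, done programmatically over a message body, as an added example that is not part of the original document. It compares what each link shows with the address it actually opens. The domain example.com is an assumed placeholder for the organisation's domain, and the sample HTML is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED_DOMAIN = "example.com"  # assumption: placeholder for the organisation's domain

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(text):
    """Host name if the visible text looks like a web address, else ''."""
    if " " in text or "." not in text:
        return ""
    return urlsplit(text if "://" in text else "//" + text).hostname or ""

def link_findings(html, trusted_domain=TRUSTED_DOMAIN):
    """Return (text, real host, reason) for links that need a closer look."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        real = urlsplit(href).hostname or ""
        shown = host_of(text)
        internal = real == trusted_domain or real.endswith("." + trusted_domain)
        if shown and shown != real:
            findings.append((text, real, "text shows a different site"))
        elif real and not shown and not internal:
            findings.append((text, real, "generic text, external destination"))
    return findings

# Constructed sample message body (not real mail).
SAMPLE = """
<p>Mailbox full: <a href="http://mail.collect.test/login">Click Here</a></p>
<p>Portal: <a href="http://files.collect.test/a">https://intranet.example.com/</a></p>
<p>Policy: <a href="https://intranet.example.com/policy">IT policy</a></p>
"""

if __name__ == "__main__":
    print(*link_findings(SAMPLE), sep="\n")
```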
Stop! and Think (consider appropriateness and risk) before I connect to the
Internet.
Create and use strong passwords, and never share my password(s) with anyone.
Never leave a written password (sticky note, etc.) near my computer, or easily
accessible.
IT Security Policies
All users are required to adhere to the following Mannai Corporation IT Policies
and Guidelines:
http://mannaiintranet/MWM/mhrd/HR%20Policy/IT%20Policies%20and%20Guidelines%202015.pdf